<?php
/**
 * Authorization library
 *
 * Contains all code needed to lock out users
 * if they try to login more than the configured
 * amount of times.
 * @package Packages
 */

/**
 *
 */
require_once(AD_SERVER_PATH . '/pkgs/init.php');
require_once(AD_SERVER_PATH . '/pkgs/logger.php');
require_once(AD_SERVER_PATH . '/pkgs/utils.php');

/**
 * Authorization library
 *
 * Contains all code needed to lock out users
 * if they try to login more than the configured
 * amount of times.
 * @package Packages
 */
class CAuth
{
	private $list = array();

	/**
	 * Constructor
	 *
	 * Initilizes class variables, cleans up old
	 * logs and creates any missing logs.
	 */
	public function __construct()
	{
		$this->list['allow'] 		= AD_ACCESS_FOLDER . 'ad_allow.log';
		$this->list['deny'] 		= AD_ACCESS_FOLDER . 'ad_deny.log';
		$this->list['attempt'] 		= AD_ACCESS_FOLDER . 'ad_attempt_'	. date('Y_m_d') . '.log';
		$this->list['deny_temp']	= AD_ACCESS_FOLDER . 'ad_deny_'		. date('Y_m_d') . '.log';

		CLogger::clean_logs($this->list, AD_ACCESS_FOLDER);
		CLogger::create_logs($this->list);
	}

	/**
	 * Tests if login attempt is valid
	 *
	 * Checks if user is allowed to login, and will
	 * ban user if too many attempts are made.
	 * @param string $user
	 * @return string VALID|BANNED|TEMP_BAN
	 */
	public function is_allowed($user)
	{
		if (strpos(file_get_contents($this->list['allow']), $user . ',' . CLogger::get_ip()) !== FALSE)
		{
			$allowed = 'VALID';
		}
		elseif (strpos(file_get_contents($this->list['deny']), $user . ',' . CLogger::get_ip()) !== FALSE)
		{
			$allowed = 'BANNED';
		}
		elseif (strpos(file_get_contents($this->list['deny_temp']), $user . ',' . CLogger::get_ip()) !== FALSE)
		{
			$allowed = 'TEMP_BAN';
		}
		else //
		{
			$allowed = $this->_log_attempt($user);
		}
		return $allowed;
	}

	/**
	 * Cleans up attempt log
	 *
	 * Strips current user name and ip from attempt log.
	 * @param string $user
	 */
	public function clean_attempt($user)
	{
		$output = file_get_contents($this->list['attempt']);
		$output = preg_replace('/'. $user . ',' . CLogger::get_ip() . ',([0-9]+)\r\n/', '', $output, 1);
		CUtils::write_file($this->list['attempt'], $output,  'w');
	}

	/**
	 * Logs user login attemp
	 *
	 * Checks if user has attempted a login from current ip,
	 * if not attempt is added to attempt log, if they have,
	 * but less than the allotted amount, add attempt to
	 * attempt log, if they have tried too many times
	 * just add them to the temporary deny log.
	 * @param string $user
	 * @return string VALID|TEMP_BAN
	 */
	private function _log_attempt($user)
	{
		$output = file_get_contents($this->list['attempt']);
		$found = preg_match('/'. $user . ',' . CLogger::get_ip() . ',([0-9]+)/', $output, $matches);

		if (!$found)
		{
			CUtils::write_file($this->list['attempt'], $user . ',' . CLogger::get_ip() . ",1\r\n", 'a');
			$allowed = 'VALID';
		}
		elseif ($matches[1] < AD_TRIES_TO_LOCKOUT)
		{
			$output = str_replace($user . ',' . CLogger::get_ip() . ',' . $matches[1], $user . ',' . CLogger::get_ip() . ',' . ($matches[1] + 1), $output);
			CUtils::write_file($this->list['attempt'], $output, 'w');
			$allowed = 'VALID';
		}
		else //
		{
			$this->clean_attempt($user);
			CUtils::write_file($this->list['deny_temp'], $user . ',' . CLogger::get_ip() ."\r\n", 'a');
			$allowed = 'TEMP_BAN';
		}
		return $allowed;
	}
}
